Data Protection Policy
We are delighted to welcome you at Oleanda.de and would like to thank you for your interest in our products. In order to provide you with a perfect carefree shopping experience in our Online Store, we want you to know that you don't have to worry about the confidentiality and protection of your personal data, which is our utmost priority.
In the following we would like to inform you in detail which personal data we collect, for which purposes we process your personal data and which rights you have.
Pursuant to Art.4 lit. 1 GDPR personal data is all information, which refers to an identifiable natural person. A natural person will be seen as identifiable, who can be identified directly or indirectly, in particular by means of allocation to an identifier such as a name, to location data, to a code number, to an online code or to one or several special features, which are an expression of the physical, physiological, genetic, mental, financial, cultural or social identity of this natural person.
If you would like to contact the person in charge of all matters related to data protection, you will find the contact data and further information in the following paragraphs A-1 and A-2.
A - General Information
A1.) Name and Address of the responsible party
The responsible party for the Oleanda Online-Store within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other provisions under data protection law is:
Schöffmann Textilhandel und Vertriebs GmbH, Pommernstrasse 70, 65824 Schwalbach, Germany / Phone: +496196/5680389, Email: service(at)oleanda.com
A2.) Contact data privacy officer
You can contact our designated data privacy officer using the following email address: dataprotection(at)oleanda.com.
B - Data processing activities
Provision of the website
B1.) Description and extent of the data processing
With the mere informational use of our website - meaning a simple visit of our website without any registration or transmission of information by you - we will only collect the personal data which your browser transmits to our server when calling our website:
- IP-Address (if applicable in anonymised, abbreviated form)
- Date and time of the country
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- The transmitted data volume
- The website from which the request comes
- Browser type
- Operating system and its interface
- Language and version of the browser software
The data is also stored in the logfiles of our system. A storage together with other personal data of the user will not take place. The anonymous data of the server logfiles are stored separately from all personal data entered by a relevant person.
B2.) Legal basis for the data processing
The legal basis for the temporary storage of the data is Art. 6 Para. 1 lit. f GDPR.
B3.) Purpose of the data processing
When you are visiting our website, we will collect the data stated under paragraph B1, as they are technically necessary in order to display our website to you and to guarantee the stability and security of the system. The storage in logfiles is carried out in order to ensure the functionality of the website. Moreover, the data serves us to optimise the website to ensure the security of our IT systems. Our legitimate interest in the data processing is also based in these purposes according to Art.6 Para. 1 lit. f GDPR.
B4.) Duration of the storage
The data will be deleted as soon as they are no longer necessary for the achievement of the purpose of their collection. In the event of the entry of the data for the provision of the website, this is the case when the respective session is ended, i.e. when you leave our website.
B5.) Possibility to file an objection and remedy
The entry of the data for the provision of the website and the storage of the data in logfiles is absolutely essential for the operation of the website. Consequently, there is no possibility to file an objection on the part of the user.
Description and scope of the data processing
We use session cookies (transient cookies), which are only in use for the duration of an online visit, as well as persistent cookies, which are used in the long term. Long-term cookies in particular are used in order to be able to make permanent recurring settings available to you as a customer in the OLEANDA Online-Store, such as the login information, saved shopping carts, wishlists and individual information in order to be able to present relevant offers to you based on your previous shopping behaviour.
B6a - Transient Cookies
Transient cookies, which include so called session cookies, are being automatically deleted when you close the browser or a session has expired. These cookies store a so called Session-ID, with which various enquiries of your browser can be allocated to the joint session. This way, your computer/device can be recognized, if you return to our website. The session cookies are being deleted when you log out or close the browser. The session cookies are storing and transmitting the following data:
- Language and country settings
- Screen resolution
- Time of the start and end of the session
B6b - Persistent Cookies
Persistent cookies used by Oleanda.com:
Our website uses Google Analytics, a web analysis service of Google Inc. ("Google"). Google Analytics utilizes so-called cookies. These are small text files that are saved on your computer in connection with your browser and make it possible to track and analyze the usage of our website. The data created by the cookie concerning your use of our website is in general transmitted to and saved on a Google server in the United States of America. If IP anonymization is activated on our website, your IP address will be shortened/anonymized by Google within the EU member states and other contracting states of the European Economic Area before being transmitted. Only in exceptional cases is the full IP address transmitted to Google servers in the US and then shortened. By order of the operator of the website (that is, by us), Google will use this information to analyze your use of the website, to create reports and to provide further services to the website operator that are connected to the visited website and the use of the internet. IP addresses that are transmitted by the browser to Google Analytics are not merged with other Google data. You can prevent the saving of cookies by changing the settings of your browser; please note that in this case, not all the functionalities and services of our website will be available to you to their full extent. Beyond that, you can also prevent the transmission to Google, and the processing by Google, of the user data (incl. your IP address) collected by the relevant cookies by downloading and installing the browser plugin available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de
Google Adwords Conversion Tracking
On our website we use the service called "Google AdWords Conversion Tracking". As soon as you arrive on our website by clicking on one of our "Google AdWords Ads", a cookie will be placed on your computer. After 30 days these cookies become invalid and do not serve to identify any personal data. Should you visit any page of our web presence within that timeframe, we will know as a Google AdWords client that you arrived at our site by clicking on one of our published Ads. Each AdWords client has a dedicated cookie. This way, cookies and their data of other websites cannot be tracked by other AdWords clients. The data that has been collected by the conversion cookies is used for the creation of AdWords statistics that help us to analyze our marketing efforts. We learn about the exact number of visitors that is sent to us by clicking on a specific ad and landing on a page with an AdWords Conversion Tracking tag. At no time can we identify the user. Should you not want to participate in the AdWords tracking, you can deny the automatic placement of cookies on your computer at any time. Within your browser settings, you can deactivate the cookie placement in general or set your browser to individually block cookies of the specific domain "googleadservices.com".
B7.) Legal basis for the data processing
The legal basis for the processing of personal data by using cookies is Art.6 Para. 1 lit f GDPR.
B8.) Purpose of the data processing
Persistent analysis cookies are used for the purpose of improving the quality of our website and its contents. Through the analysis cookies we find out how the website is used, and we can therefore consistently optimize the shopping experience and offer.
Without your consent, analysis data is collected only in an anonymised or pseudonymised form. We cannot identify you by this. Therefore our legitimate interest in the processing of the personal data is also constituted in these purposes according to Art.6 Para. 1 lit f GDPR.
B9.) Duration of the storage, possibilities for objection and remedy
Please note that with the non-acceptance of cookies the functionality of our website may be limited.
C - Data processing when using our Online Store
Description and extent of the data processing
C1.) Purchasing in our Online Store
When you are shopping in the OLEANDA online store, the following personal data respectively customer master data is being saved, edited and used for the purpose of processing your order and to react to customer requests or problems:
- Last name
- Invoice- and Delivery address
- Email Address
- Phone number
- Customer number
- Payment data
The transmission of any data is protected and encrypted by a so called 256bit Secure Socket Layer (SSL) for a maximum in data security.
Within our legal rights, your personal data is forwarded to companies that we have appointed in order to fulfill our contractual obligations. We only forward data that is actually required and make sure that your data is correctly processed according to the directives given by us. We use your email address to remind you of an abandoned shopping cart in the framework of our remarketing activities.
C2.) Payment Methods
C2a - Payment via Credit Card
In case of a credit card payment, we transmit your payment data to the Concardis GmbH, which in the function of our certified payment service provider is synchronising your payment data with the corresponding credit institution (Visa, Mastercard, American Express). The charging of your credit card is processed via the secure and certified CONCARDIS Payengine Software. The Concardis GmbH is one of the leading payment service providers and, as a partner of the credit industry, frequently undergoes the relevant security-certification process. The Concardis GmbH fulfills the PCI-Security Standard and provides a secure payment environment for our customers.
If you select the credit card payment option, you agree to the encrypted and secure transmission and storage of your credit card data: Type of card, name of the card holder, card number and expiration date (but not the CCV number), by the Concardis GmbH for the timeframe of 3 months.
When paying with your credit card, the following data is being processed:
- The type of credit card (Visa, Mastercard, American Express)
- Name of the card holder
- Card number
- CCV number
- Expiration date
C2b - Payment via PayPal
Components of PayPal are integrated in our online store. PayPal is an online payment service provider that is independent of OLEANDA. Payments can be made via so-called PayPal accounts, which represent private as well as business accounts. Additionally, there is the option to make virtual payments via credit card in case the user does not have a PayPal account. A PayPal account is kept via an email address, which is the reason for the non-existence of classic account numbers. PayPal makes it possible to initiate online payments to third parties and to receive payments. PayPal further plays the role of a trustee and offers buyer protection services.
The European operating company of PayPal is the PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.
If you choose "PayPal" as the preferred payment option in our online store, personal data will automatically be transmitted to PayPal. By selecting this payment method, you agree to the transmission to PayPal of the personal data that is required in order to process the payment.
The personal data transmitted to PayPal is usually the name, last name, address, email address, IP address, phone number or other data that is necessary for processing the payment. Also required for the fulfillment of the purchasing contract is all personal information that is related to each purchase.
The transmission of the data has the purpose of payment processing and fraud prevention. We transmit personal data to PayPal especially in case of a legitimate interest. There is the possibility that the personal data exchanged between PayPal and us is shared by PayPal with credit agencies. This transmission is for the purpose of an identity and credit assessment.
PayPal forwards personal information to connected companies and service providers if it is necessary in order to fulfill contractual duties or if data is being processed on assignment.
You have the right to revoke the consent to process personal data towards PayPal at any time. A revocation is not affecting any personal data that is absolutely required to be used or transmitted in order to process a payment.
In case of PayPal payments via one of the offered payment methods, the payment is processed by the payment service provider PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter: "PayPal") under the application of the PayPal Terms and Conditions, accessible under the following link https://www.paypal.com/de/webapps/mpp/us/useragreement-full or, in case a customer does not have a registered PayPal account, under the application of the terms and conditions for payments without a PayPal account, accessible under the following link: https://www.paypal.com/de/webapps/mpp/ua/privacywax-full .
C3.) DHL Tracking Information
After having placed an order in our online store, you will receive a shipping confirmation email including a link to the DHL Tracking information specific to your shipment, in order to inform you about the arrival time of your purchase. In specific cases, we will share your email address with the DHL Vertriebs GmbH, Charles-de-Gaulle-Straße 20, 52113 Bonn, which is required to comply with the data protection laws.
C4.) Legal basis for the data processing
C4a - The legal basis for processing your personal data within the framework of handling your purchase and pre-purchase activities in our online store is Art.6 Para.1 lit. b GDPR.
C4b - The legal basis for transmitting your data to external payment service provider and logistic partners is Art.6 Para.1 lit. a and b GDPR.
C4c - The legal basis for sending the DHL tracking information link is Art.6 Para.1 lit. b GDPR.
C5.) Purpose of the data processing
C5a - The personal data which we receive when you are using our online store is being used for the processing of purchasing contracts, pre-purchase activities, customer service and consulting activities. Beyond that, your personal data is required to assert our rights relating to the concluded or initiated contract of sale.
C5b - The processing of your data in the framework of the payment process is required to carry out the payment method that you selected.
C5c - The use of your email address when sending you the link to the DHL tracking information is for the purpose of giving you upfront information about the delivery so you can time the receipt of the shipment.
C5d - The use of your email address when sending you a reminder email after you abandoned a shopping cart in the checkout process is within the framework of your pre-purchase re-marketing activities.
C6.) Duration of the storage
We store and process your data for the duration of the contractual relationship. This applies also to the initiation time period for a purchasing contract. (Pre-contractual relationship).
Beyond that, further storage and legal documentation obligations under the German commercial code and general fiscal law also apply to us. The prescribed time periods for the retention or documentation of records are up to 10 years beyond the end of the contractual or pre-contractual relationship.
Furthermore, specific legal provisions can demand a longer retention period, for example the preservation of evidence in the framework of statutory limitation periods. Pursuant to §§ 195 ff. of the civil law code, the regular limitation period is 3 years, but longer periods up to 30 years can be applicable.
In case that data is not further required for the fulfillment of contractual duties and legal obligations, it is frequently deleted unless limited processing of it is required to fulfill the above mentioned purposes due to a legitimate interest of the employer.
D - Newsletter
D1.) Purpose of the data processing
The purpose is the sending of the Oleanda Newsletter which you subscribed/agreed to via a Double Opt-in on our website Oleanda.com. The collected data is solely used for sending you our marketing newsletter with offers, vouchers and information related to your personal interest in our products.
D2.) Legal basis for the data processing
The sending of our Newsletter is based on your consent according to Art.6 Para. 1 lit. f GDPR.
D3.) Recipient or categories of recipients of your data
Oleanda only has access to your data internally according to the distribution of work. Therefore, only employees and departments assigned to fulfill the required tasks have access to your data.
Service Providers: We have external service providers on assignment which have access to your data and use them for specific purposes defined and given by us. These service providers can be Marketing Service Providers, Website Hosting Service Providers, IT Service Providers and Website Analytics Service Providers.
Third parties: Under specific circumstances, we share your data with state authorities and courts if required.
Beyond that, your data is not being shared with third parties. Should we assign a service provider with the processing of your data, all the security measures defined by us are being implemented to protect your data.
D4.) Duration of the storing of the data and the cancellation of the newsletter subscription
Your data is being stored for the duration of your consent respectively your newsletter subscription. You can revoke your consent / cancel your Oleanda Newsletter subscription yourself at any time. Therefore you can click on the "unsubscribe link" which can be found at the bottom of every newsletter, or deactivate the newsletter subscription from within your Oleanda customer account dashboard (in case you are registered with a customer account in our store). Of course you can also contact our Service-Team and we will delete you from our newsletter recipients list for you.
D5.) Processing of your data in a third country or by international organisations
Your data is not being processed by a third country or an international organisation.
D6.) The scope of your duties to provide us with your data
There are no legal obligations for you to provide your data to Oleanda.com. However, you will not receive our email newsletter if you don't provide your email address and consent. The provision of your data is absolutely voluntary. If you don't provide us with your data, you will not suffer legal disadvantages.
E - Contact via Email, phone, fax and social-media
E1.) Definition and scope of the data processing
For the purpose of enabling customers to contact us, we provide an email address as well as a phone and fax number on our website. Furthermore, you can also contact us via the social media platform Facebook if you need any information about your orders, products or a shipping status. To be able to process your requests, it is necessary to transmit personal data like your name, address, email address, and customer and/or order number. The information that you provide to us is solely used to verify and process your request and is not shared with any third party. In connection with the use of social media platforms like Facebook, we have to inform you that the processing of your data is not under our control and therefore we cannot provide any data protection for the information transmitted by you. In case of questions concerning the data protection policy of a social media company, please address the operator of the respective platform.
E2.) Legal basis for the data processing
The legal basis for processing data that you provide to us in the framework of a service request is Art. 6 Para. 1 lit. f GDPR. If the purpose of the contact is the conclusion of a contract, the additional legal basis for data processing is Art. 6 Para. 1 lit. b GDPR.
E3.) Purpose of the data processing
The sole purpose of processing personal data via each contact channel is to process and address your requests. Therein also lies the legitimate interest in the processing of the data.
E4.) Duration of the data storage
The data is being deleted as soon as it is not required anymore to fulfill the purpose of its collection. Personal data that had been sent via Email is being deleted after the conversation with the customer ended. Under certain circumstances we have to store specific personal data of a communication for a longer time period (for example as proof if in the framework of a customer communication specific agreements related to purchases had been made, in cases of gestures of good will or communication related to payment agreements and claims of defects).
F - Rights of affected persons
Under certain prerequisites you can assert your data protection rights against us:
F1.) Right to withdraw consent:
If you have consented to certain types of processing activities, you can withdraw your consent at any time with future effects. However, please note that this withdrawal does not affect the legitimacy of the processing activities that took place before you withdrew your consent, or if the processing can be justified on the grounds of another legal basis.
F2.) Right to obtain information
You have the right to obtain information from us about your data stored in our company according to the regulations of Art. 15 GDPR (if applicable with restrictions according to § 34 BDSG). All our customers have the opportunity to download an XML file with all relevant data related to their use of our website by themselves from within their customer account/dashboard.
F3.) Right to correction
Following an application from you, we will rectify the data stored in relation to your person according to Art. 16 GDPR if these are incorrect or faulty.
F4.) Right to deletion
If you request it, we will delete your data according to the principles of Art. 17 GDPR, if this is not opposed by other statutory regulations (e.g. statutory storage obligations or the restrictions according to § 35 BDSG) or a main interest on our part (e.g. for the defence of our rights and claims).
F5.) Right to restrict processing
By taking the prerequisites of Art. 18 GDPR into consideration you can request that we restrict the processing of your data.
F6.) Right to object
You can also object to the processing of your data in accordance with Art. 21 GDPR. This right to object exists if there are certain reasons that arise from your special situation, and only for data processing the legitimacy of which is based on a consideration of the various interests, which relates to profiling or that is carried out for the purpose of direct advertising. In this case, your data will no longer be processed unless we are legally entitled to decline your objection. We must however comply with an objection against direct marketing, including profiling, and we may no longer process your data for these purposes. If you gave us permission for direct marketing activities and you do not want to receive them any longer, you have to revoke your consent.
F7.) Right to data transferability
In accordance with the regulatory requirements of Art. 20 GDPR, you also have the right to receive your data in a structured, popular and machine-readable format, or to have the same transmitted to a third party. You can download your data in a machine-readable XML format from within your customer account. You will find the download button at the bottom of your customer account dashboard.
F8.) Complaint submitted to the data privacy authority
You also have the right to submit a complaint to the data privacy supervisory authority in charge (Art. 77 GDPR). However, we recommend that a complaint is always first submitted to our Data Protection Officer, so that we can address your concerns as quickly and in as customer-focused a manner as possible.
To ensure that your request is processed in a timely fashion, please direct your submissions regarding the exercise of your rights to the address below or directly to our Data Protection Officer in writing:
Oleanda Dessous - Schöffmann Textilhandel & Vertriebs GmbH, Pommernstrasse 70, 65824 Schwalbach, Germany
G - Other
G1.) Scope of your obligations to make your data available to us
You only need to make those data available, which are necessary for the commencement and execution of the contractual relationship or for a pre-contractual relationship with us or which we are obliged to collect by law. Without these data we will as a rule not be in the position to conclude the contract or to continue to carry this out. This may also refer to data that are subsequently required within the scope of the contractual relationship. If we additionally receive data from you, you will be informed about the voluntary nature of the details separately.
G2.) Forwarding to third parties
Oleanda can only access your data as is required to achieve the purposes in accordance with the internal division of tasks. To this end, only those departments and employees who are required to access your data will be granted access to this data internally.
Service Providers: We have service providers involved that have access to your data in their capacity as a contract processor, and who process this data for the purposes specifically defined by us. These contract processors may be marketing service providers, website hosting service providers, IT Support service providers or website analysis service providers.
Other third parties: We may also be required to forward certain data to third parties in cases where this is required by law or under the legislation. Such parties may include government authorities and institutions, courts, external advisors as well as internal company control instances, if required.
International data transmission: Even though all recipients are currently based in the EU/EEA, it is possible that in the future recipients may be based in a country outside of the EU/EEA that does not offer a standard of data privacy that is comparable to the European data privacy standard. In particular, such service providers may be located in the US in the future. In this case, Oleanda will either select service providers that have been certified under the US-EU Privacy Shield Program (Art. 45 Para. 1 GDPR) or that arrange the EU standard contract clauses, such as those approved by the EU Commission, with Oleanda (Art. 46 Para. 2 (c) or (d) GDPR).
H - Version
This data privacy information was most recently updated on the 1st of January 2019. Oleanda reserves the right to update this data privacy information from time to time.